GCP Resources are organized hierarchically, where the Organization node is the root node in the hierarchy, the Google Cloud Projects are the children of the Organization, and all of the other resources are the children of Google Cloud Projects. You can set IAM policies at different levels of the resource hierarchy.

GCP Resource inherit the policies of the parent resource. The effective policy for a resource is the union of the GCP IAM Policy set at that resource and the GCP IAM Policy inherited from its parent